From ad0703886a80ba9e3eec0eb023243f691d53de75 Mon Sep 17 00:00:00 2001 From: Fredrik Thulin Date: Thu, 11 Aug 2016 10:14:11 +0200 Subject: import from local directory --- bin/cryptech_runcmd | 136 ++++++++++++++++++++++++ bin/cryptech_upload | 294 ++++++++++++++++++++++++++++++++++++++++++++++++++++ bin/flash-target | 38 +++++++ bin/reset | 31 ++++++ 4 files changed, 499 insertions(+) create mode 100755 bin/cryptech_runcmd create mode 100755 bin/cryptech_upload create mode 100755 bin/flash-target create mode 100755 bin/reset (limited to 'bin') diff --git a/bin/cryptech_runcmd b/bin/cryptech_runcmd new file mode 100755 index 0000000..6407043 --- /dev/null +++ b/bin/cryptech_runcmd @@ -0,0 +1,136 @@ +#!/usr/bin/python +# +# Copyright (c) 2016, NORDUnet A/S All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# - Redistributions of source code must retain the above copyright notice, +# this list of conditions and the following disclaimer. +# +# - Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# - Neither the name of the NORDUnet nor the names of its contributors may +# be used to endorse or promote products derived from this software +# without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS +# IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A +# PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED +# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR +# PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF +# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING +# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +""" +Utility to upload new a firmware image or FPGA bitstream +""" +import os +import sys +import time +import struct +import serial +import argparse +import getpass + +from binascii import crc32 + +FIRMWARE_CHUNK_SIZE = 4096 +FPGA_CHUNK_SIZE = 4096 + +default_pins = {'wheel': 'YouReallyNeedToChangeThisPINRightNowWeAreNotKidding', + 'ct': 'ct', + } + +def parse_args(): + """ + Parse the command line arguments + """ + parser = argparse.ArgumentParser(description = "File uploader", + add_help = True, + formatter_class = argparse.ArgumentDefaultsHelpFormatter, + ) + + parser.add_argument('-d', '--device', + dest='device', + default='/dev/ttyUSB0', + help='Name of management port USB serial device', + ) + + parser.add_argument("--username", + choices = ("so", "wheel", "ct"), + default = "so", + help = "Username to use when logging into the HSM", + ) + + parser.add_argument('commands', metavar='CMD', type=str, nargs='+', + help='commands to execute') + return parser.parse_args() + + +def _write(dst, data, debug=False): + dst.write(data) + if not debug: + return + if len(data) == 4: + print("Wrote 0x{!s}".format(data.encode('hex'))) + else: + print("Wrote {!r}".format(data)) + + +def _read(dst, verbose=True): + res = '' + x = dst.read(1) + while not x: + x = dst.read(1) + while x: + res += x + x = dst.read(1) + #print ("Read {!r}".format(res)) + if verbose: + sys.stdout.write(res) + return res + +def _execute(dst, cmd): + global default_pins + _write(dst, '\r') + prompt = _read(dst) + if prompt.endswith('Username: '): + _write(dst, args.username + "\r") + prompt = _read(dst) + if prompt.endswith('Password: '): + pin = default_pins.get(args.username) + if not pin: + pin = getpass.getpass("{} PIN: ".format(args.username)) + _write(dst, pin + '\r') + prompt = _read(dst) + if not prompt.endswith('> '): + #sys.stderr.write('Device does not seem to be ready for a file transfer (got {!r})\n'.format(prompt)) + return prompt + _write(dst, cmd + '\r') + response = _read(dst) + return response + + +def main(args): + global pin + dst = serial.Serial(args.device, 921600, timeout=2) + for this in args.commands: + _execute(dst, this) + dst.close() + return True + +if __name__ == '__main__': + try: + args = parse_args() + if main(args): + sys.exit(0) + sys.exit(1) + except KeyboardInterrupt: + pass + diff --git a/bin/cryptech_upload b/bin/cryptech_upload new file mode 100755 index 0000000..680a0ac --- /dev/null +++ b/bin/cryptech_upload @@ -0,0 +1,294 @@ +#!/usr/bin/env python +# +# Copyright (c) 2016, NORDUnet A/S All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# - Redistributions of source code must retain the above copyright notice, +# this list of conditions and the following disclaimer. +# +# - Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# - Neither the name of the NORDUnet nor the names of its contributors may +# be used to endorse or promote products derived from this software +# without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS +# IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A +# PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED +# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR +# PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF +# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING +# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +""" +Utility to upload a new firmware image or FPGA bitstream. +""" + +import os +import sys +import time +import struct +import serial +import getpass +import os.path +import tarfile +import argparse +import platform + +from binascii import crc32 + +FIRMWARE_CHUNK_SIZE = 4096 +FPGA_CHUNK_SIZE = 4096 + + +def parse_args(): + """ + Parse the command line arguments + """ + + share_directory = "/usr/share" if platform.system() == "Linux" else "/usr/local/share" + + default_tarball = os.path.join(share_directory, "cryptech-alpha-firmware.tar.gz") + + if not os.path.exists(default_tarball): + default_tarball = None + + parser = argparse.ArgumentParser(description = __doc__, + formatter_class = argparse.ArgumentDefaultsHelpFormatter, + ) + + parser.add_argument("-d", "--device", + default = os.getenv("CRYPTECH_CTY_CLIENT_SERIAL_DEVICE", "/dev/ttyUSB0"), + help = "Name of management port USB serial device", + ) + + parser.add_argument("--firmware-tarball", + type = argparse.FileType("rb"), + default = default_tarball, + help = "Location of firmware tarball", + ) + + parser.add_argument("--username", + choices = ("so", "wheel"), + default = "so", + help = "Username to use when logging into the HSM", + ) + + actions = parser.add_mutually_exclusive_group(required = True) + actions.add_argument("--fpga", + action = "store_true", + help = "Upload FPGA bitstream", + ) + actions.add_argument("--firmware", "--hsm", + action = "store_true", + help = "Upload HSM firmware image", + ) + actions.add_argument("--bootloader", + action = "store_true", + help = "Upload bootloader image (dangerous!)", + ) + + parser.add_argument("--simon-says-whack-my-bootloader", + action = "store_true", + help = "Confirm that you really want to risk bricking the HSM", + ) + + parser.add_argument("-i", "--explicit-image", + type = argparse.FileType("rb"), + help = "Explicit source image file for upload, overrides firmware tarball") + + return parser.parse_args() + + +def _write(dst, data): + dst.write(data) + #if len(data) == 4: + # print("Wrote 0x{!s}".format(data.encode("hex"))) + #else: + # print("Wrote {!r}".format(data)) + + +def _read(dst): + res = "" + x = dst.read(1) + while not x: + x = dst.read(1) + while x: + res += x + x = dst.read(1) + #print ("Read {!r}".format(res)) + return res + +wheel_pin = 'YouReallyNeedToChangeThisPINRightNowWeAreNotKidding' + +def _execute(dst, cmd): + global wheel_pin + pin = None + if args.username == 'wheel': + pin = wheel_pin + _write(dst, "\r") + prompt = _read(dst) + if prompt.endswith("Username: "): + _write(dst, args.username + "\r") + prompt = _read(dst) + if prompt.endswith("Password: "): + if not pin: + pin = getpass.getpass("{} PIN: ".format(args.username)) + _write(dst, pin + "\r") + prompt = _read(dst) + if not prompt.endswith(("> ", "# ")): + print("Device does not seem to be ready for a file transfer (got {!r})".format(prompt)) + return prompt + _write(dst, cmd + "\r") + response = _read(dst) + return response + +def send_file(src, size, args, dst): + if args.fpga: + chunk_size = FPGA_CHUNK_SIZE + response = _execute(dst, "fpga bitstream upload") + elif args.firmware: + chunk_size = FIRMWARE_CHUNK_SIZE + response = _execute(dst, "firmware upload") + if "Rebooting" in response: + response = _execute(dst, "firmware upload") + elif args.bootloader: + chunk_size = FIRMWARE_CHUNK_SIZE + response = _execute(dst, "bootloader upload") + if "Access denied" in response: + print "Access denied" + return False + if not "OK" in response: + print("Device did not accept the upload command (got {!r})".format(response)) + return False + + crc = 0 + counter = 0 + # 1. Write size of file (4 bytes) + _write(dst, struct.pack("